What We Can Learn from Cognizant Ignorance of Security Protocols

Written by Ollie Law
Published on August 17, 2025

Clorox Company has filed a lawsuit against IT services provider Cognizant Technology Solutions, claiming gross negligence and breach of trust following a cyberattack that caused nearly $380 million in damages. The main accusation from Clorox is that Cognizant failed to follow established cybersecurity protocols during their ten-year partnership. In particular, unauthorized credential resets were carried out without properly verifying the identity of those making the requests.

The cyberattack, which took place on August 11, 2023, took advantage of these procedural mistakes multiple times, allowing cybercriminals to gain unrestricted access to Clorox’s corporate network. As a result, there were significant disruptions in critical operations such as supply chain management and order fulfillment. Clorox also argues that Cognizant's inadequate response to the incident made the breach even worse.

This case highlights an important principle in IT service partnerships: it is essential to strictly enforce cybersecurity protocols in order to protect organizational assets and maintain smooth operations. Despite Cognizant's reported $20 billion revenue in 2024 and claims of expertise in cybersecurity, Clorox describes their assurances as a "devastating lie," emphasizing that the attack could have been prevented.

In light of this incident, it's crucial for businesses to understand the goal of a business continuity plan and how business continuity management works. Such understanding can help mitigate risks associated with potential disasters, similar to what Clorox experienced. The necessity for disaster recovery risk management cannot be overstated, especially in industries like utilities where operational resilience is paramount. Companies should consider implementing tailored Utilities Resilience Programs that address specific real-world risks rather than relying on generic advice.

The Clorox-Cognizant Partnership and Cybersecurity Protocols

Clorox and Cognizant have been working together for over ten years. During this time, Cognizant has been responsible for important IT services, especially managing the employee service desk. This means that Cognizant handles tasks like recovering passwords and resetting credentials, which are crucial for keeping Clorox employees' access to the corporate network secure.

Key Points of the Clorox-Cognizant Partnership

Here are some key aspects of the partnership between Clorox and Cognizant:

  • The partnership has lasted for more than ten years.
  • Cognizant is in charge of providing specific IT services.
  • One of the main responsibilities of Cognizant is to manage the employee service desk.
  • Tasks such as recovering passwords and resetting credentials are part of this management role.

Importance of Cybersecurity Protocols

The Clorox cybersecurity protocols agreement clearly stated that strict authentication procedures must be followed before any credential resets can be approved. These protocols were put in place to prevent unauthorized access by making sure that service desk staff thoroughly verified the identity of anyone requesting a reset. It was Cognizant's job to carry out these procedures, and following these security controls was absolutely necessary because corporate credentials are sensitive information.

Allegations Against Cognizant

Clorox has accused Cognizant of gross negligence and breach of trust. This accusation is based on claims that the agreed-upon cybersecurity protocols were consistently ignored by Cognizant. As a result, cybercriminals were able to gain unrestricted access to Clorox's systems because multiple credential reset requests were not properly authenticated.

This alleged failure to enforce basic security measures shows a significant lapse in protocol enforcement by Cognizant, despite its claimed expertise and contractual responsibilities. It also raises concerns about how well IT service partnerships maintain operational discipline when it comes to protecting sensitive information.

Risks Beyond Cybersecurity

The situation becomes even more complex because these breaches not only threaten cybersecurity but also endanger workplace safety. When confidential information is accessed unlawfully, it can lead to a series of negative outcomes that impact both the company's digital infrastructure and its physical work environment.

In summary, the failure to follow agreed-upon cybersecurity protocols has serious implications for both Clorox's IT systems and the safety of its workplace.

The Cyberattack Incident: Ignoring Security Protocols and Its Consequences

On August 11, 2023, a cyberattack occurred due to a critical failure to enforce the established protocol that network credentials must not be reset without authentication. This oversight allowed a cybercriminal to exploit multiple weaknesses in Cognizant’s service desk operations, which were responsible for managing Clorox’s employee credentials.

Key elements of the attack include:

  • Repeated unauthorized credential resets performed by Cognizant personnel who failed to verify the identity of the requesters. Audio recordings cited in legal proceedings reveal instances where service desk agents provided passwords without any authentication measures.
  • The cybercriminal’s exploitation of this procedural neglect enabled unrestricted access to Clorox’s internal systems. The attacker gained control over network credentials that should have been protected by multi-factor authentication or equivalent verification protocols.
  • Immediate consequences manifested as widespread corporate system disruptions, which compromised not only Clorox’s internal IT infrastructure but also its operational capabilities across supply chain and order fulfillment channels.

This breach highlights the dangers inherent when fundamental cybersecurity practices—specifically, strict adherence to credential reset authentication—are ignored. The lack of requester verification directly facilitated the cybercriminal’s ability to move undetected within sensitive environments, amplifying the impact of the intrusion on Clorox’s business continuity. Such incidents emphasize the significance of incident management scenario exercises in preparing for and preventing future breaches.
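An audit check for the failure mode described above, as an added example that is not part of the original article or of either company's tooling. It flags service desk resets closed without an approved identity check and several resets on one account in a short window. The record fields, approved methods and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; field names are hypothetical, not from any real
# ticketing product.
SAMPLE_RESETS = [
    {"ticket": "T-1001", "time": "2023-08-11T09:02:00", "account": "jdoe",
     "action": "password_reset", "verification": None},
    {"ticket": "T-1002", "time": "2023-08-11T09:10:00", "account": "jdoe",
     "action": "mfa_reset", "verification": None},
    {"ticket": "T-1003", "time": "2023-08-11T11:30:00", "account": "asmith",
     "action": "password_reset", "verification": "manager_callback"},
    {"ticket": "T-1004", "time": "2023-08-11T14:00:00", "account": "jdoe",
     "action": "password_reset", "verification": "caller_knew_username"},
]

# Assumed policy: only these methods count as identity verification.
APPROVED_METHODS = {"manager_callback", "registered_device_push"}
BURST_WINDOW = timedelta(hours=1)   # assumed look-back window
BURST_THRESHOLD = 2                 # resets per account within the window


def audit_resets(records):
    """Return (ticket, finding) pairs in chronological order."""
    findings = []
    recent_by_account = defaultdict(list)
    ordered = sorted(records, key=lambda r: datetime.fromisoformat(r["time"]))
    for rec in ordered:
        ts = datetime.fromisoformat(rec["time"])

        # Finding 1: reset completed with no approved identity check recorded.
        # A missing value and a non-approved method are treated the same way.
        if rec.get("verification") not in APPROVED_METHODS:
            findings.append((rec["ticket"], "unverified_reset"))

        # Finding 2: repeated resets on one account inside the window, e.g. a
        # password reset followed minutes later by an MFA reset.
        recent = [t for t in recent_by_account[rec["account"]]
                  if ts - t <= BURST_WINDOW]
        recent.append(ts)
        recent_by_account[rec["account"]] = recent
        if len(recent) >= BURST_THRESHOLD:
            findings.append((rec["ticket"], "reset_burst"))
    return findings


if __name__ == "__main__":
    for ticket, finding in audit_resets(SAMPLE_RESETS):
        print(ticket, finding)
```

Run against a real export, the same check gives a client an independent view of whether a provider's service desk is following the agreed reset procedure.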

Consequences of Negligence: Business and Financial Impact on Clorox

The consequences of the August 11 cyberattack went beyond immediate technical issues, causing significant financial and operational problems for Clorox. The company has sued Cognizant Technology Solutions, accusing the IT service provider of gross negligence and breach of trust, claiming they failed to follow established cybersecurity protocols.

Key financial impacts include:

  • Direct recovery costs exceeding $49 million, covering forensic investigations, remediation efforts, and system restoration.
  • Business interruption losses approaching $380 million, reflecting halted operations and lost revenue streams.

These figures highlight the severity of the attack’s disruption to Clorox’s corporate network stability. The unauthorized credential resets compromised critical systems, triggering cascading effects on supply chain operations. Inventory management inefficiencies and delayed order fulfillment impaired customer commitments and strained vendor relationships.

Operational disturbances revealed vulnerabilities in Clorox’s crisis preparedness framework. The incident exposed gaps in resilience planning, highlighting the necessity for more robust continuity strategies capable of mitigating the impact of similar breaches. This situation emphasizes the importance of conducting emergency evacuation exercises and operational team tabletop exercises, which are crucial for testing a business continuity plan.

The ongoing lawsuit highlights how failures in managing third-party IT relationships can lead to significant risks for organizations, both financially and reputationally. Clorox’s description of Cognizant’s promises as a "devastating lie" shows deep concerns over avoidable mistakes that worsened the attack’s destructive power. Despite Cognizant’s reported $20 billion revenue in 2024 and stable stock performance, the harm suffered by Clorox reveals a stark difference between what providers claim and what clients experience during a cybersecurity crisis.

Moreover, this incident serves as a stark reminder of the necessity for comprehensive business continuity planning to ensure resilience against such unexpected disruptions. The need for transparent website terms and conditions also comes into play here, as it could potentially mitigate some risks associated with third-party service providers like Cognizant.

Incident Response Failures: Analyzing Cognizant's Inadequate Actions Post-Breach

Clorox asserts that the incident response failure Cognizant exhibited following the August 11 cyberattack significantly intensified the breach’s impact. Despite Cognizant’s public declarations emphasizing their cybersecurity expertise and extensive staff training, the reality revealed a stark disconnect between protocol and practice.

Key deficiencies identified include:

  • Delayed containment measures: The initial response to unauthorized access lacked urgency, allowing the cybercriminals to maintain prolonged control over critical systems.
  • Insufficient communication protocols: Failure to promptly inform Clorox stakeholders impeded coordinated crisis management efforts, prolonging operational disruption.
  • Inadequate disaster recovery (DR) execution: Recovery procedures were not effectively implemented, resulting in extended downtime and compromised order fulfillment capabilities.

The absence of a robust IT Disaster Recovery (ITDR) framework contributed to cascading failures across Clorox’s corporate network, supply chain continuity, and customer service operations. ITDR strategies are designed to restore essential functions rapidly, minimizing financial loss and reputational damage. The incident exposed vulnerabilities in Cognizant’s preparedness and crisis response infrastructure that should have been mitigated through rigorous planning and regular resilience exercises.

A comprehensive approach integrating proactive threat detection, clear escalation pathways, and rehearsed recovery protocols remains indispensable in limiting fallout from sophisticated cyberattacks. The Clorox-Cognizant case underscores how deficiencies in this domain can transform an initially contained security lapse into a pervasive business crisis.

To address these shortcomings, it's crucial for organizations like Cognizant to invest in Crisis Management Executive Training, which can enhance leadership's crisis intelligence. Implementing regular Emergency Management Evacuation Exercises can also prepare teams for unexpected disruptions. Furthermore, adopting a structured ISO22301-2019 Post-Audit Resilience Improvement Plan could significantly bolster resilience by identifying weaknesses in current frameworks and implementing effective solutions. Lastly, leveraging Resilience Technology can provide businesses with advanced tools for crisis management and continuity planning, ensuring they are better equipped to handle future incidents.

The Accountability Debate: Gross Negligence and Breach of Trust in IT Service Provider Relationships

The Clorox lawsuit against Cognizant centers on allegations of gross negligence and breach of trust, emphasizing the critical failures attributed to Cognizant's cybersecurity practices. Clorox asserts that Cognizant's disregard for established authentication protocols constituted a fundamental breach, exposing sensitive corporate systems to unauthorized access and resulting in extensive operational disruption and financial damage.

Statements from both parties reveal sharply divergent perspectives on responsibility for the cybersecurity failures:

  • Clorox's Position: Contends that Cognizant ignored explicit contractual obligations to authenticate credential reset requests rigorously, thereby violating the trust inherent in their decade-long partnership.
  • Cognizant's Response: Denies managing Clorox’s broader cybersecurity framework, characterizing its role as limited to narrow help desk services that were performed within agreed parameters. The company implies that Clorox's internal security measures failed independently of Cognizant’s actions.

This dispute highlights the complexities surrounding accountability standards for IT service providers tasked with safeguarding client data. The case underscores the necessity for:

  • Clear delineation of roles and responsibilities regarding cybersecurity within contractual agreements.
  • Rigorous enforcement mechanisms ensuring adherence to security protocols.
  • Transparent communication channels to address vulnerabilities proactively.

Failure to uphold these standards not only jeopardizes client operations but also raises significant legal and reputational risks for service providers operating in an increasingly threat-laden digital environment.

Lessons Learned: Upholding Cybersecurity Protocol Adherence in IT Partnerships

The Clorox Company has filed a lawsuit against IT services provider Cognizant Technology Solutions, accusing it of gross negligence and breach of trust following a cyberattack that caused nearly $380 million in damages. Central to this litigation is the failure by Cognizant to follow established cybersecurity protocols, particularly in its employee service desk responsibilities, where credential resets were carried out without proper authentication. This breach illustrates the catastrophic consequences that can arise when fundamental security measures are disregarded.

Key lessons emerge from this incident:

  • Strict adherence to agreed security protocols remains non-negotiable in IT partnerships. Contracts must not only specify these protocols but enforce compliance rigorously to mitigate risks associated with credential management and access control.
  • The role of continuous staff training and exercises cannot be overstated. Regular, scenario-based training for service desk personnel ensures familiarity with authentication requirements and reinforces the critical nature of protocol enforcement. This reduces human error vulnerabilities that cybercriminals commonly exploit.
  • Advisory firms like Fixinc provide essential support by embedding resilience frameworks tailored to organizational needs. Their approach integrates business continuity with cybersecurity discipline, emphasizing comprehensive training, policy adherence, and incident preparedness. For instance, their Team-based Plan Walkthrough service offers a streamlined framework for effective team-based training.

The Clorox-Cognizant case underscores how lapses in protocol adherence combined with inadequate training precipitate severe operational and financial impacts. Organizations must institutionalize robust cybersecurity governance, emphasizing employee responsibility and ongoing education as pillars for securing sensitive systems against evolving threats.

Broader Implications for Supply Chain Resilience and Business Continuity Planning

The Clorox-Cognizant cyberattack exemplifies how cyber resilience extends beyond isolated IT system breaches to affect entire supply chains and operational continuity. Disruptions caused by unauthorized access can cascade through interconnected business functions, leading to halted production lines, delayed shipments, and compromised customer trust.

Key considerations for enhancing cyber resilience include:

  • Holistic Integration of Cybersecurity Across Supply Chains: Cybersecurity protocols must transcend IT departments and embed within procurement, logistics, and vendor management to prevent ripple effects from localized attacks.
  • Cross-Functional Collaboration: Coordination between IT security teams, supply chain managers, and executive leadership ensures timely identification of vulnerabilities and aligned response strategies.
  • Investment in Real-Time Monitoring Tools: Advanced analytics enable early detection of anomalies that could indicate emerging threats impacting operational flows.

Business continuity planning assumes critical importance in mitigating the impact of such incidents. Plans should incorporate:

  1. Scenario-based Exercises simulating cyber-induced supply chain disruptions to test organizational readiness.
  2. Redundancy Measures including alternate suppliers or logistics routes to maintain flow under compromised conditions.
  3. Clear Communication Protocols facilitating transparent stakeholder engagement during crises.

Notably, Cognizant has not publicly responded beyond initial statements, while its stock price remains stable—highlighting potential gaps in accountability perceptions versus client impacts.

Embedding robust cyber resilience frameworks within business continuity strategies is essential to safeguard against the multifaceted risks posed by sophisticated cyberattacks on supply chains. This includes understanding the structure and functions of a Crisis Incident Management System (CIMS) which can significantly enhance our ability to respond effectively during such crises.

Moreover, it's crucial to recognize that business continuity planning is not a one-size-fits-all approach but should be tailored to fit the unique needs and risks of each organization. For instance, organizations in the public administration sector may require specific resilience programs designed for their unique real-world risks.
